IMDB victim of denial-of-service attack

On Friday, Internet movie database IMDB fell victim to a sustained distributed denial-of-service (DDoS) attack that coincided with Amazon.com being offline, says one researcher.

Soups Ranjan, a senior member of the technical staff of network protection and management company Narus, said in a blog that he found evidence that at least one of the IP addresses used by IMDB fell under a sustained DDoS attack between 10:30 a.m. and 1:30 p.m. PDT Friday.

"My attempt to load the IMDB page via a direct connection to the Web server under attack (http://72.21.206.70/) doesn't load the images at all. It becomes interesting when you realize that IMDB seems to be hosted using Amazon Web Service (AWS) since this IP-address is registered as belonging to Amazon."

Ranjan noted that the duration of the attack on IMDB coincided with the amount of time that Amazon was offline on Friday.

He also provided some details, saying that "the attacker seemed to open multiple connections with the IMDB's Web server (port 80) while incrementing his source port for every new connection. The attack's average rate was 3Mbits/sec, certainly not large enough to cause a complete meltdown but probably good enough to delay the legit users. However, there might have been other attacks launched at the same time on IMDB which weren't in the path of our probes."

[ralphdaily]

IMDB is owned by Amazon.

[amandachuck]

Interestingly, imdbpro was not down, but imdb was. I know because I used imdbpro, and had no outage yesterday even as I couldn't get on to imdb. And the imdb outage seemed to be longer than the few hours mentioned, so the DDoS attack must have been multi-pronged.

[tlum01]

They seem to have pulled www.(imdb.com) from DNS. Something must still be going on.

[aka_tripleB]

I noticed yesterday when I rented the movie, "Stargate: The Ark of Truth" and wanted to see if the same person played Sam Carter. By the way, she does, and looks very different than she did in the series.

Now also, I know it's "internet" and not "international," I obviously didn't pay as close attention to that.

[QMT]

Why in the hell would someone bring down IMDB?

[JohnQueuePublic]

What led you to the conclusion the attacker was a he? :)

[mbridge]

It would be nice to get more conclusive evidence that the two issues, Amazon.com's outage and IMDB's DDOS, were related. For now this seems like speculation, though interesting speculation.

As a side note, Amazon.com has owned IMDB since 1998. It makes sense that IMDB would be using Amazon's hosting services. What is not clear is if a DDOS attack targeted at a single Amazon customer would flood their entire network (including the network hosting Amazon.com). If this was the case then we should have seen more of Amazon's other customers suffering outages as well.

http://www.mbridge.com

[birdtford]

Guess what, http://72.21.206.70/ still doesn't load the images on 06/09/08. So are they still under attack?

[erginc]

Sunday, July 20, 2008
My IMDB account has been hacked. Received several emails stating that someone changed the email address on my account. When I tried to log in, IMDB no longer recognized anything regarding my account information.

Is this related to the earlier attack I wonder. Whoever hacked my account will perhaps have access to my information. It is impossible to contact IMDB, other than through website emails.

Please investigate. If all IMDB account holders ? 100 percent of people working in the film industry ? have had their accounts hacked. BIG NEWS.